[95428] in North American Network Operators' Group
Re: Linksys WAG200G - Information disclosure (fwd)
daemon@ATHENA.MIT.EDU (Robert Boyle)
Tue Mar 20 19:09:29 2007
Date: Tue, 20 Mar 2007 19:08:02 -0400
To: Gadi Evron <ge@linuxbox.org>, dniggebrugge@hotmail.com
From: Robert Boyle <robert@tellurian.com>
Cc: nanog@merit.edu
In-Reply-To: <Pine.LNX.4.21.0703201647520.10542-100000@linuxbox.org>
Errors-To: owner-nanog@merit.edu
At 05:48 PM 3/20/2007, you wrote:
>I wonder what their security process is for other types of routers?
Try psirt@cisco.com
http://www.cisco.com/en/US/products/products_security_vulnerability_policy.html#Problems
-Robert
>---------- Forwarded message ----------
>Date: 20 Mar 2007 20:31:01 -0000
>From: dniggebrugge@hotmail.com
>To: bugtraq@securityfocus.com
>Subject: Linksys WAG200G - Information disclosure
>
>Hi there,
>
>About 2 months ago I bought a wireless ADSL
>modem/router, the Linksys WAG200G. Just did some
>basic security checks and to my utter surprise
>the device responded with about all sensitive information it knows:
>
>* Product model
>* Password webinterface
>* Username PPPoA
>* Password PPPoA
>* SSID
>* WPA Passphrase
>
>I notified Linksys, got some regular support
>questions and was then assured my concerns would
>be forwarded to the product engineers. Some
>weeks later I tried again, same message, silence since then.
>
>My firmware version is 1.01.01, latest available for this type.
>
>'Technical' info:
>Sent a packet to UDP port 916.
>Answer contains mentioned information.
>(LAN interface and Wireless interface)
>
>Greetings,
>Daniël Niggebrugge
Tellurian Networks - Global Hosting Solutions Since 1995
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
"Well done is better than well said." - Benjamin Franklin